Professional Documents
Culture Documents
2; 2018
Received: December 5, 2017 Accepted: January 1, 2018 Online Published: January 4, 2018
doi:10.5430/afr.v7n2p1 URL: https://doi.org/10.5430/afr.v7n2p1
Abstract
The assessment of a control risk is a difficult task which has to be learned over the years. Experience is a good
teacher in this respect. So, education guided by experience may be expected to be fruitful. The purpose of this paper
is to develop practical flowcharts (PFs) to assist in educating the novices the assessment of control risk and to present
the results of validation of PFs approach in classroom. The main research questions examined in the paper are: (1)
how can the PFs be developed to help students and novice auditors assess the control risk? And (2) to what extent is
using PFs effective as a tool to improve the education of assessing the control risk? To answer these questions,
adequate field work and experiment were performed. The knowledge is acquired (a) from the literature and (b) from
experienced auditors. The findings of the paper indicated that the conceptual model of PFs is successfully designed
consisting of eleven submodels and ten PFs. Moreover, using a PFs approach is an effective tool to improve the
education of assessing the control risk, i.e., the learning performance of students significantly improved via the PFs
assignment. From the results of the validation, it may be concluded that the conceptual model of PFs provides a vital
contribution to the auditing literature and the application of it constitutes a new education method of auditing.
Keywords: Control Risk, Practical Flowcharts Approach, Auditors, Education
1. Introduction
The auditor’s assessment of acceptable audit risk is a key element in the auditing process. Control risk is one
component of the audit risk model. The composition of a control risk assessment is a difficult task which has to be
learned over the years. Experience is a good teacher in this respect. So, education guided by experience may be
expected to be fruitful. Furthermore, one approach to improve auditing education is to employ a practice set within
the curriculum (Fanning and Grant, 2017). To assess the control risk, the auditors should obtain an appropriate audit
evidence to be able to draw reasonable conclusions on which an assessment is based. Audit evidence has been
obtained from tests of controls, substantive procedures or an appropriate mix of them (IFAC, 2010). According to
Arens et al. (2014) and Wahdan (2006), there are two audit approaches: (1) the control approach: the auditors focus
on the examination of the internal controls to reduce the amount of substantive tests they perform, and (2) the
substantive approach: the auditors do not take into account the internal controls and focus their analysis directly on
the amounts represented in the financial statements.
Standard unqualified audit report loses some credibility when it is combined with an adverse report of entity-level
internal controls over financial reporting as alleged by some users (Asare & Wright, 2012; Defond and Lennox,
2017). Furthermore, the firms with material weaknesses of internal control under SOX section 404 are more likely to
receive going concern opinion (Jiang et al., 2010) and may be associated with both lower accruals quality and less
accurate management guidance (Doyle et al., 2007; Feng et al., 2009; Lenard et al., 2016; Amoal, et al., 2017; Ji et
al., 2017). Moreover, the quality of accounting information can only be guaranteed under effective internal control
(Li et al., 2012; Feng, 2017). Management in most companies is required to design and maintain an effective internal
control system and to make a report on the effectiveness of the internal control over financial reporting at the end of
year. Moreover, auditors in a public company are required to evaluate and attest to the management’s report on the
effectiveness of the internal control over financial reporting. Since 2004, larger public companies have been required
by the SEC to annually obtain an auditor’s report on internal controls over financial reporting (Lopez et al., 2006;
Institute of internal Auditors, 2008; Arens, et al., 2014; Romney & Steinbart, 2015). So, an auditor should be skilled
and trained in assessing the control risk.
In practice, the assessment of control risk in not based on objective rules or criteria but on professional judgment and
experience. Inexperienced auditors have difficulties in making this assessment effectively (Hwang et al., 2004).
Since company managers and auditors depend on the personal judgements approach during the stage of evaluating
the internal controls, this may lead to different company managers and auditors reaching different decisions on the
effectiveness of internal controls over financial reporting, depending on, among others, their experience and
expertise (Curtis & Hayes, 2002; O’Leary, 2003; Wahdan et al., 2009). Such an approach may be ineffective and
may lead to different auditors coming to different decisions, developing a personal bias, increasing/decreasing audit
scope, and/or giving misleading judgements (Wahdan, 2006).
This paper aims at (1) developing practical flowcharts (abbreviated as PFs) to facilitate (i) training by professors and
experienced auditors in assessing the control risk and (ii) the learning process of students and novice auditors in
assessing the control risk, and (2) investigating whether PFs approach is an effective tool to improve the education of
assessing the control risk. Of course, the knowledge in the PFs (that are applicable in practice) should be in
accordance with ISA 330 (The Auditor's Responses to Assessed Risks), ISA 400 (Risk Assessments and Internal
Control), COSO 2013, and with common practice. The training materials should focus on the audit assessments and
relevant procedures that help in assessing the control risk. Two main research questions examined in this paper are:
(1) how can the PFs be developed to help students and novice auditors assess the control risk? And (2) to what extent
is using PFs effective as a tool to improve the education of assessing the control risk?
The paper focuses on both the education of students to a qualified level the assessment of the control risk and the
design of the PFs that will help the education process in many ways (Wahdan & Van den Herik (2011). Below, it is
mentioned six of them.
(1) PFs will help reduce the time required for students and novice auditors to acquire the experiences needed to
assess the control risk
(2) PFs will support the training of students and novice auditors [Changchit, 2003]. It will provide them with
structured knowledge on the assessment of control risk.
(3) PFs will improve the education in such a way that the control risk complies with the ISA, COSO requirements
and the practical auditing settings (which differ from country to country).
(4) PFs will properly encode and arrange all the knowledge associated with the control risk; it organises personal
judgements and improves decision consensus as well as audit quality.
(5) PFs can be considered as a foundation to design software such as knowledge-based system to help students and
novice auditors assess the control risk and to support the experienced auditors as a second opinion (Wahdan,
2006).
(6) PFs can be considered as an efficient technique being more readily and understandable than other techniques,
such as textbooks, and tabular presentation (Groomer & Heintz, 1999).
(7) PFs can provide with the requirements of an effective system of internal control and may enable management to
eliminate ineffective, redundant or inefficient controls (COSO, 2013).
The conceptual model of PFs focuses on the assessment of control risk, which seeks to determine internal controls’
reliability. To assess the effectiveness of the internal controls for planning audit evidence, auditors need to perform
eleven activities: (1) understanding internal controls, (2) evaluating the management integrity, (3) examining
documents and records, (4) evaluating control environment, (5) reviewing risk assessment, (6) investigating control
procedures, (7) reviewing information and communication, (8) walking-through of significant accounts, (9)
performing tests of controls, (10) monitoring and (11) assessing the control risk (COSO, 2013; Arens et al., 2014).
To assess the control risk, the results of all above activities should be collected in advance to assess the control risk.
The full model consists of eleven submodels that directly lead to the structure of PFs (as presented in section 4).
The outline of the paper is as follows. Section 2 reviews the related literature. Section 3 deals with the research
methodology. Section 4 presents the conceptual model to design PFs. Section 5 provides the results of an
experimental study carried out within one state university in Egypt. Section 6 provides the main conclusion,
contribution and limitations as well as points to future work.
2. Literature Review
There are some studies related to auditing education and some tools used to improve the effectiveness of auditing
education. Here some studies that are related to internal controls, practical flowcharts, and other educating tools are
presented as follows.
Groomer & Heintz (1999) were the first to propose the use of flowcharts in teaching students many types of the audit
reports and the formulation of the auditor’s report. However, they based their course materials only on GAAS and
ignored the ISA as well as the common practice. They focused on the changes in some Statements of Auditing
Standards [SAS No. 79 (Reports on Audited Financial Statements), and SAS No. 82 (Consideration of Fraud in a
Financial Statement Audit)] that deal with the reporting issues.
Changchit, et al., (2001a) designed an expert system to help transfer control knowledge to management. The findings
of the study indicated that the expert system could help managers effectively and efficiently detect the weaknesses in
internal controls. Changchit, et al., (2001b) presented another study for the same purpose with results similar to the
former.
In 2004, Hwang et al. presented a prototype design support model called “CRAS-CBR” using case-based reasoning
to help auditors making their professional judgments on the control risk assessment of the accounting systems in the
manufacturing industry. The results of the experiment indicated that CRAS-CBR outperforms staff auditor
performance and a statistical model. However, this study depends only on a small sample size.
Wahdan & Van den Herik (2011) used a practical flowcharts approach to educate youngsters in the formulation of
the auditor’s opinion. Since the auditing standards provide only guidelines to apply the standards in practice, it is
believed that the knowledge required to build adequate PFs should be acquired not only from GAAS and ISA, but
also from the literature as well as from experienced auditors (who know how the auditing standards can be applied in
practice) through a questionnaire and interviews.
The study of Wahdan (2013) aims at modelling, implementing, and validating a knowledge-based system, called the
“Auditor’s Report on Internal Controls” (ARIC), that is capable of formulating the opinion on the effectiveness of
internal controls over financial reporting. The knowledge used by ARIC is acquired from the literature, and from
experienced auditors. Test cases are used to validate the ARIC performance. The findings of the study indicated that
ARIC is successful in achieving the task of evaluating the internal controls over financial reporting.
Marand and Bayaz (2015) purposed to discover the impact of computerized accounting systems on the auditing risk
management in listed firms of Tehran stock exchange. The results of the study indicated that the computerized
accounting system has a positive impact on the inherent risk in forms of reducing the internal control weakness,
reducing the risk of sampling related to tests of controls and providing with a suitable method to assess the inherent
risk.
In 2015, Han et al. dealt with the association between information technology (IT) and audit risk. They found that the
IT complexity generates challenges for auditors in evaluating the effectiveness of internal control and detecting
accounting irregularities. However, IT decreases the audit risk by improving operations and internal control
effectiveness which may decrease the inherent and control risks.
Apostolou et al. (2015) reviewed the literature regarding the theoretical and empirical research related to accounting
education and found that the articles are categorized into five sections including: (1) curriculum and instruction, (2)
instruction by content area, (3) education technology, (4) students, and (5) faculty. They also presented suggestions
for research in these areas.
In 2015, there were a lot of researches and experiments related to accounting education, for examples: Camp et al.
(2015) used alternative quiz formats to motivate students learning in a classroom intervention at one US University.
Furthermore, Ryack et al. (2015) explored the challenges of teaching GAAP and IFRS in the second intermediate
financial accounting course at two private universities in the US. Glover and Werner (2015) also devoted IFRS
course at Drexel University and presented alternative delivery options and the best practice. Moreover, McNellis
(2015) inspected the efficacy of alternative approaches for delivering statement of cash flows content across three
semesters at a public US University. Greenberg and Wilner (2015) developed a hierarchal concept map framework
for integrating concepts in a managerial accounting course. Jackson and Cossitt (2015) investigated whether usage of
online tutoring software could benefit intermediate accounting students with a weak knowledge of introductory
accounting. Aldamen et al. (2015) examined the effect of using recorded lectures on course performance and
attendance for first year students enrolled in a financial accounting course.
In 2017, Davis et al. described a case approach for teaching internal control evaluation in sales and cash receipts
cycles using Excel spreadsheet tool. The case and spreadsheet application provide students an opportunity to deeply
understand and analyse the accounting processes, the internal controls, and the interrelationships between the
processes and controls. The finding of the study indicated that the students were significantly increased their abilities
to evaluate internal controls by completing the case (their average score increased from 44% to 62%).
In 2017, Fanning and Grant compared the manual and computerized practice set, which achieving the learning
objectives best. The findings of the study indicated that the computerized practice set decreases the time and energy
of the faculty and increases the faculty's ability to help the remote students. However, using a computerized practice
set that post the transactions in not beneficial to the student's retention of the knowledge about the accounting
process. The best scenario appears to be choosing the option for having students post the transactions.
It is remarked that previous studies ignored designing practical flowcharts to help learn the assessment of control risk
according to the literature and auditors' experiences. So far, educating the assessment of control risk using practical
flowcharts received little attention in the literature. To the best of the author's knowledge, previous research has
failed to deal adequately with the complexities of the task of assessing control risk in the auditing classrooms.
3. The Research Methodology
To achieve the research goal, a research methodology consisting of six phases was developed: (1) reviewing the
literature, (2) designing a questionnaire, (3) validating the acquired knowledge, (4) designing the PFs, (5) revising
the PFs, and (6) applying and testing the PFs in our auditing education at Menoufia University in Egypt. A sample of
34 experienced auditors in seventeen audit firms in Egypt participated in the survey (note: several international audit
firms are included and three auditors are from the Central Auditing Organization in Egypt). They cooperated in
exploring the auditing tasks to a large extent, in so far as they are required to assess the control risk. Below the six
phases are described in more details.
(1) A thorough literature review was performed for acquiring knowledge to assess the control risk.
(2) The questionnaire coupled with in-depth interviews was used to elicit the knowledge from 34 experienced
auditors in audit firms; the required knowledge focused on how the auditor performs the task of assessing the
control risk in practice. In order to acquire the audit assessments needed to assess the control risk and to answer
the first research question. The questionnaire consisted mainly of questions requiring a response on a five-point
Likert-scale (always, often, sometimes, rarely, never). The revised questionnaire was divided into 11 parts (based
upon preliminary interviews), each covering one submodel of the proposed flowcharts. Furthermore, when
performing structured interviews, the questionnaire was sent to auditors before the interviews. The 11 main
domains of questions that cover the procedures required to assess the control risk are presented in PFs (most of
the detailed questions and procedures, which have a high weighted Means are presented in PFs).
(3) The acquired knowledge was validated by letting the auditors review the results of the knowledge-acquisition
process. Disagreements among auditors were solved. The author chose a sample of experienced auditors to
decrease the disagreements among the auditor’s points of view and interviewed them individually. Then, if there
was still any disagreement, the leading expert made a final decision. For example, the sequence of questions to
evaluate the control procedures. Some auditors preferred to use weights for the control procedures such as
separation of duties is more important than safeguarding of assets. The flowcharts are modified to reflect the
auditors’ points of view. Moreover, It is noted that a high risk cannot be reached by simply having one ‘no’
answer out of many questions asked.
(4) PFs were constructed based upon the knowledge collected and elicited in the three phases above.
(5) Revision of the PFs was carried out by the auditors (academic and practitioners) to check the validation of the
PFs as a tool for assessing the control risk.
(6) Based upon the results of the revision and validation process in step five, PFs were enhanced. Subsequently, the
PFs were tested in the auditing classroom using ten test cases. 64 students from Menoufia University in Egypt
participated. Some feedback information was collected from auditing professors and students about the
developed PFs. Finally, findings, conclusion, limitations and suggestions for future research were established.
4. The Conceptual Model for PFs
The conceptual model of using PFs is illustrated in Figure 1. The main submodel of the assessing control risk is
considered as the output of other ten submodels. The other submodels are (1) understanding internal control, (2)
evaluating the management integrity, (3) examining documents and records, (4) evaluating control environment, (5)
reviewing risk assessment, (6) investigating control procedures, (7) reviewing information and communications, (8)
walking-through of significant accounts, (9) performing tests of controls and (10) monitoring (Wahdan, 2006;
Wahdan, 2013, COSO, 2013, Arens et al., 2014; Lawson et al., 2017; Owusu-Boateng et al., 2017). These submodels
represent the stages of assessing control risk that cope with the approach applied by the Big-4 audit firms.
(3) Examining
documents and (8) Walking-through
records of significant
accounts
(1) (11)
Understanding (4) Evaluating control Assessing
internal control, environment control risk
(6) Investigating
control procedures (10) Monitoring
Yes
Yes
of a transaction type and traces them through the entire accounting process in the transaction walk-through (Ernst &
Young, 2002; Arens et al., 2014). Figure 3 illustrates the PF of understanding internal controls.
Understanding of internal control system supports Understanding of internal control system does not
the low level of control risk support the low level of control risk
The purpose of this submodel is to contribute to assess the adequacy of documents and records to help auditors
assess whether the financial statements are auditable, if the accounting records (source of the audit evidence) are
unreliable and/or inadequate, the audit evidence may not be accessible. Moreover, improper documentation process
provides opportunity to misappropriate the assets (Zakaria & Nawawi, 2016). When the auditor concludes that the
financial statements are not auditable, the engagement is withdrawn or a disclaimer of opinion is issued (Arens et al.,
2014) as illustrated in figure 2.
4.5 The Submodel of Control Environment
The purpose of this submodel is to evaluate control environment (management attitude). This evaluation is essential
for the preliminary assessment of the level of control risk (Hwang et al., 2004; COSO, 2013). Control environment
consists of actions, policies, and procedures that affect management attitudes with respect to internal controls. The
auditor should understand the control environment to assess the management’s attitude and awareness regarding the
controls importance (Colbert, 2000; Munter, 2003; IFAC, 2010; Institute of internal Auditors, 2011). If management
gives less attention to internal controls, the management’s control objectives will not be effectively achieved (Arens
et al., 2014), the control procedures may be unreliable and the control risk should be at the maximum. Figure 5
illustrates the PF of control environment. The auditor can use five procedures to understand and assess control
environment in the organization: (1) organization’s integrity and ethical values, (2) board of director’s independence,
(3) responsibilities and authorities throw organizational structure, (4) competent individuals (5) accountability
(KPMG, 2013; Arens et al., 2014; Khorwatt, 2015; DEO, 2016).
Evaluation of control environment supports the Evaluation of control environment does not
low level of control risk support the low level of control risk
The purpose of this submodel is to illustrate the steps of risk assessment and how this process affects the assessment
of control risk. In designing and operating internal controls to minimize errors and fraud, management identifies and
analyses the risks related to the preparation of financial statements in accordance with related accounting standards.
Once management identifies risks, it assesses the significance of those risks and its likelihood of occurring and
develops actions needed (manage risk) to reduce the risks to an acceptable level (Deshmukh, 2004; KPMG, 2013;
Arens et al., 2014). On the other side, the auditors assess risks to decide the evidence needed in the audit. Risk
assessment requires management to consider the impact of possible changes in its business and external environment
that may make internal control ineffective (COSO, 2013). The auditors’ assessment of the risk consists of three
stages (PCAOB, 2005): (1) Risk identification; the auditor estimates the expected risks in financial statements, based
on his understanding of the company, its industry and business processes. (2) Risk analysis; the auditor analyzes and
assesses how the risks identified might affect the financial statements. (3) Auditor response; the auditor decides how
to conduct the audit and obtain a high level of assurance that material misstatements in financial statements will be
detected. Figure 6 illustrates the PF of risk assessment.
Risk assessment supports the low level of Risk assessment does not support the low
control risk level of control risk
Investigation of controls
procedures does not support the
low level of CR
Yes
Yes
Yes
5. Classroom Application
In this section the research question no.2 will be answered. An experimental setting was as follows. PFs were used in
the second level auditing course "Advanced Auditing" at one state university (Menoufia University) in Egypt (a
sample of 64 students participated in the experiment). The topic of the assessment of control risk was covered in the
auditing class using textbook, and then using PFs. The students were randomly divided into two groups. One group
was provided with PFs, the other was not. Both groups had accessed to lecture notes and textbook materials related
to the assessment of control risk.
Ten auditing test cases were designed in cooperation with a group of 34 auditors within seventeen audit firms in
Egypt. The auditors also provided the guidelines answers of the ten auditing test cases. The assignment of control
risk was distributed to all 64 students. The group with PFs (32 students) solved the ten test cases using lecture notes
and textbook materials as well as PFs, while the other group (32 students) solved the cases using lecture notes and
textbook materials only.
Table 1 provides the results of 64 students from Menoufia University. The 32 Menoufia students who did not use
PFs faced 320 (32 * 10) test cases; they solved 259 cases correctly resulting in 81%, while the students who used PFs
solved 304 cases out of 320 cases correctly, which is represented by 95%. Based on the observation and the
judgments of the ten auditing test cases, it may be concluded that the group who used PFs performed better than the
other group (see table 1). It is observed that the students who used PFs made fewer errors in the assessment of
control risk, and were faster in finalizing the assignment than the other group who did not use PFs. Furthermore, it is
remarked that the students’ knowledge in the auditing class was improved as we experienced from a discussion
afterwards (see below). Using PFs gives the students a hand-on experience dealing with the assessment of control
risk. Moreover, some professors from different Egyptian universities provide some feedback information regarding
PFs.
Table 1. Impact of PFs on Students’ Learning Performance - Menoufia University
Students who did not use PFs Students who used PFs
(% Correct) (% Correct)
N = 32 N=32
The Assignment (10 auditing test 81% 95%
cases)
To support the statements above some students and professors provide some feedbacks.
Professor 1: "The logic of the flowcharts for assessing the control risk is easy to understand and follow. They are
saving time to teach students how to assess the control risk".
Professor 2: "Flowcharts guide students to the required procedures to assess the control risk in accordance with
auditing standards and COSO requirements".
Professor 3: “Flowcharts are useful in practice as a tool for training students and novice auditors on how to assess the
control risk. If we want to improve or have more benefits from these flowcharts, we should: (1) apply flowcharts in
practical cases, (2) connect the flowcharts with CPA firms’ studies, and (3) use the flowcharts in all of our auditing
classrooms”.
Student 1: "PFs are excellent flowcharts. They enable us to understand which level of the control risk should be
assessed when the auditor faces different problems and cases during performing his work (audit). It is the first time
that I fully understand auditing in general and the assessment of control risk in particular".
Student 2: "From the first impression, I consider these flowcharts as complex flowcharts, however after I give them
my intention and concentration I found that they are high techniques to understand and remember the assessment of
control risk ".
Student 3: "From my point of view, these flowcharts are very important. They help us to understand the topic of
assessment of control risk".
6. Conclusion and Future Research
6.1 Conclusion and Contribution
This paper aimed at developing and testing the PFs that help educate students in the assessment of control risk. Two
main research questions examined in this paper are: (1) how can the PFs be developed to help students and novice
auditors assess the control risk? And (2) to what extent is using PFs effective as a tool to improve the education of
assessing the control risk? The knowledge is acquired (a) from the literature and (b) from experienced auditors. The
primary contribution of this paper is that the conceptual model of PFs is successfully designed and consists of eleven
submodels and ten PFs.
The conceptual model provides a vital contribution to the literature, and the application of it constitutes a new
educating method of auditing. As an aside the author would like to mention that from the validation process by the
respondents and interviewees as well as from an empirical test, it may be concluded that usage of PFs is an effective
tool to improve the auditing education. PFs developed in this paper are logical and easy to follow. Finally, the author
believes that organizing the training sessions by using the PFs is a good way to prepare students for a successful
career in auditing. Hence it is concluded that PFs are beneficial to the students; the students who used PFs
outperformed students who did not use them. Moreover, the PFs made the learning process of the assessment of
control risk more effective (see the students and professors’ feedbacks). The PFs developed in this paper have their
origins in both theoretical and practical settings. Yet, the goal is to use them for teaching purposes. The conceptual
model of PFs provides top management and external auditors with procedures used in the evaluation of the overall
effectiveness of the entity’s system of internal control. So, the conceptual model of PFs has important implications
for those responsible for implementing an effective internal control (managers), evaluating internal controls (external
auditors), teaching internal controls (professors) and learning internal controls (students). These practical flowcharts
enable students to gain experiential knowledge of the world he or she will participate in and face upon graduation, as
well as to have real world experiences in short time. To the best of the author's knowledge, this is the first study that
contributes to the literature by developing PFs as a tool for educating the control risk assessment.
6.2 Limitations and Future Research
This study is subjected to some limitations regarding generalizability of results since the sample size of students is
small and from one state university. In addition, designing test cases may be subjective. Future research should deal
with the impact of PFs on the learning process of novice auditors on the cases in a real auditing setting. Furthermore,
the PFs approach could be applied in the other classroom settings to generalise the results. Moreover, PFs may be
used as a basis for designing software for assessing the control risk.
Acknowledgement
The author would like to thank the reviewers and participants at 2017 International Conference on Computer
Auditing (ICAEA 2017) in London for their helpful feedback on earlier versions of this manuscript. Moreover, the
author gratefully acknowledges the helpful comments of the editor and both anonymous reviewers of AFR journal.
References
Aldamen, H., Al-Esmail, R., & Hollindale, J. (2015). Does Lecture Capturing Impact Student Performance and
Attendance in an Introductory Accounting Course? Accounting Education, 24(4), 291–317.
https://doi.org/10.1080/09639284.2015.1043563
Amoah, N.Y., Anderson, A., Bonaparte, I. & Tang, A.P. (2017). Internal Control Material Weakness and Real
Earnings Management. Advances in Public Interest Accounting, 20, 1-21.
https://doi.org/10.1108/S1041-706020170000020001
Apostolou, B., Dorminey, J.W., Hassell, J.M. & Rebele, J.E. (2015). Accounting Education Literature Review
(2015). Journal of Accounting Education, 35, 20-55. https://doi.org/10.1016/j.jaccedu.2016.03.002
Arens, A.A., Elder, R.J., & Beasley, M.S. (2014). Auditing and Assurance Services: An Integrated Approach. 15th
Edition, Pearson Education Limited, England.
Asare, S.K. & Wright, A. (2012). The effect of Type of internal Control Report on users' Confidence in the
Accompanying Financial Statement Audit report. Contemporary Accounting research, 29(1), 152-175.
https://doi.org/10.1111/j.1911-3846.2011.01080.x
Boynton, W.C. & Johnson, R.N. (2006). Modern Auditing: Assurance Services and the Integrity of Financial
Reporting. 8th Edition, John Wiley & Sons Inc., USA.
Camp, J. M., Earley, C. E., & Morse, J. M. (2015). The Use of Alternative Quiz Formats to Enhance Students’
Experiences in the Introductory Accounting Course. Advances in Accounting Education, 17, 25–43.
https://doi.org/10.1108/S1085-462220150000017012
Changchit, C. (2003). The Construction of an Internet-Based Intelligent System for Internal Control Evaluation.
Expert System with Applications, 25, 449-460. https://doi.org/10.1016/S0957-4174(03)00069-1
Changchit, C., Holsapple, C.W., & Madden, D.L. (2001a). Supporting Manager's Internal Control Valuations: An
Expert System and Experimental Results. Decision Support Systems, 30, 437-449.
https://doi.org/10.1016/S0167-9236(00)00127-5
Changchit, C., Holsapple, C. W., & Viator, R.E. (2001b). Transferring Auditors’ Internal Control Evaluation
Knowledge to Management. Expert System with Applications, 20, 275-291.
https://doi.org/10.1016/S0957-4174(00)00066-X
Colbert, J.L. (2000). The Impact of the New External Auditing Standards. Internal Auditor, 57(6), 46-51.
COSO (Committee of Sponsoring Organizations of the Treadway Commission). (2013). Executive Summary.
Curtis, M.B. & Hayes, T. (2002). Materiality and Audit Adjustments, The CPA Journal, (April). Available at:
www.nysscpa.org/cpajournal/2002/0402/dept/d046902.html/
Davis, J.T., Ramamoorti, S. & Krull, G.W. (2017). Understanding, Evaluating, and Monitoring Internal Control
Systems: A case and Spreadsheet Based Pedagogical Approach. AIS Educator Journal, 12(1), 59-68.
https://doi.org/10.3194/1935-8156-12.1.59
Defond, M.L. & Lennox, C. (2017). Do PCAOB Inspections Improve the Quality of Internal Control Audits. Journal
of Accounting Research, 55(3), 591-627. https://doi.org/10.1111/1475-679X.12151
DEO (2016). 2016-17 Internal Control Questionnaire and Assessment, Florida Department of Economic
Opportunity. Available at; www.floridajobs.org, accessed on January 2017.
Deshmukh, A. (2004). A Conceptual Framework for Online Internal Controls. Journal of Information Technology
Management, XV(3-4), 23-32.
Doyle, T.J., Ge, W. & McVay, S. (2007). Accruals Quality and Internal control Over Financial Reporting. The
accounting Review, 82(5), 1141-1170. https://doi.org/10.2308/accr.2007.82.5.1141
Ernst & Young (2002). Evaluating Internal Controls, Considerations for Documenting Controls at the process,
Transaction, or Application Level. Ernst & Young Accountants, Rotterdam, The Netherlands, Available at
http:// www.ey.com.
Fadzil, .H.F., Haron, H. & Jantan, M. (2005). Internal Auditing Practices and Internal Control System. Managerial
Auditing Journal, 20(8), 844-866. https://doi.org/10.1108/02686900510619683
Fanning, K. & Grant, R. (2017). Manual vs. Computerized practice Set: Which Achieves Learning Objectives the
Best? AIS Educator Journal, 12(1), 25-33. https://doi.org/10.3194/1935-8156-12.1.25
Feng, J. (2017). Research on Internal Control of accounting Information Systems in ERP Environment. Advances in
Social Science, Education and Humanities Research, 4th International Conference on Education, Management
and Computing technology, 101, ICEMCT 2017. https://doi.org/10.2991/icemct-17.2017.330
Feng, M., Li, C. & McVay, S. (2009). Internal Control and Management Guide). Journal of accounting and
Economics, 48(2-3), 190-209. https://doi.org/10.1016/j.jacceco.2009.09.004
Glover, H., & Werner, E. M. (2015). Teaching IFRS: Options for Instructors. Advances in Accounting Education, 16,
113–131. https://doi.org/10.1108/S1085-462220150000016006
Greenberg, R. K., & Wilner, N. A. (2015). Using Concept Maps to Provide an Integrative Framework for Teaching
the Cost or Managerial Accounting Course. Journal of Accounting Education, 33(1), 16–35.
https://doi.org/10.1016/j.jaccedu.2014.11.001
Groomer, S.M. & Heintz, J.A. (1999). Using Flowcharts to Teach Audit Reports: An Update. Journal of Accounting
Education, 17, 391-405. https://doi.org/10.1016/S0748-5751(99)00022-6
Guy, D.M., Carmichael, D.R., & Lach, L.A. (2003). Practitioner’s Guide to GAAS. John Wiley and Sons, Inc.,
Canada.
Han, S., Rezaee, Z., Xue, L., & Zhang, J.H. (2015). The Association between Information Technology Investments
and Audit Risk, Journal of Information Systems. Available at: http://dx.doi.org/10.2308/isys-51317, Accessed
on: 2/2/2016. https://doi.org/10.2308/isys-51317
Hwang, S., Shin, T., & Han, I. (2004). Internal Control Risk Assessment System Using Case-Based Reasoning.
Expert Systems, 21(1), 22-33. https://doi.org/10.1111/j.1468-0394.2004.00260.x
IFAC (2010). Handbook of International Auditing, Assurance, and Ethics Pronouncements. International Federation
of Accountants. Available at http:/www.ifac.org.
Institute of internal Auditors. (2008). Sarbanes-Oxley Section 404: A guide for management by internal Controls
practitioners. 2th edition, January
Institute of internal Auditors. (2011). Auditing the Control Environment. IPPF-Practice Guide, Available at:
www.theiia.org/guidance.
Ji, X., Lu, W. & Qu, W. (2017). Voluntary Disclosure of Internal Control Weakness and earnings Quality: Evidence
From China. The International Journal of Accounting, 52, 27-44. https://doi.org/10.1016/j.intacc.2017.01.007
Jackson, M., & Cossitt, B. (2015). Is Intelligent Online Tutoring Software Useful in Refreshing Financial
Accounting Knowledge? Advances in Accounting Education, 16, 1–19.
https://doi.org/10.1108/S1085-462220150000016001
Jiang, W., Rupley, K.H. & Wu, J. (2010). Internal Control Deficiencies and the Issuance of Going Concern Opinions.
Research in Accounting Regulation, 22, 40-46. https://doi.org/10.1016/j.racreg.2009.11.002
Khorwatt, E. (2015). Assessment of Business Risk and Control Risk in the Libyan Context. Open Journal of
Accounting, 4, 1-9. https://doi.org/10.4236/ojacct.2015.41001
KPMG (2013). COSO Internal Control – Integrated Framework (2013).
Krishnan, G.V. & Visvanathan, G. (2007). Reporting Internal Control Deficiencies in the post-Sarbanes-Oxley Era:
The Role of Auditors and Corporate Governance. International journal of auditing, 11, 73-90.
https://doi.org/10.1111/j.1099-1123.2007.00358.x
Lawson, B.P., Muriel, L. & Sanders, P.R. (2017). A survey on Firms' Implementation of COSO's 2013 Internal
Control-Integrated Framework. Research in Accounting Regulation, 29, 30-43.
https://doi.org/10.1016/j.racreg.2017.04.004
Lenard, M.J. (2003). Knowledge Acquisition and Memory Effects involving an Expert System Designed as a
Learning Tool for Internal Control Assessment. Decision Sciences Journal of Innovative education, 1, 23-38.
https://doi.org/10.1111/1540-5915.00003
Lenard, M.J., Petruska, K.A., Alam, P. & Yu, B. (2016). Internal Control Weakness and Evidence of Real Activities
Manipulation. Advances in Accounting, incorporating Advances in International Accounting, 33, 47-58.
Li, C., Peters, G.F., Richardson, V.J. & Wastson, M.W. (2012). The Consequences of Information Technology
Control Weakness on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports.
MIS Quarterly, 36(1), 179-203.
Locatelli, M. (2002). Good Internal Controls and Auditor Independence. The CPA Journal, (October), pp. 12-15.
Lopez, T.J., Vandervelde, S.D. & Wu, Y. (2006). The Auditor's Internal Control Opinions: An Experimental
Investigation of Relevance. ABC Conference and THE University of South Caroline, Columbia, pp. 1-27.
https://doi.org/10.2139/ssrn.905796
Marand, A.A. & Bayaz, M.L.D. (2015). Survey the Effect of the Computerized Accounting Systems on the Auditing
Risk Management. International Journal of Review in Life Sciences, 5(10), 607-618.
McNellis, C. J. (2015). Re-conceptualizing Instruction on the Statement of Cash Flows: The Impact of Different
Teaching Methods on Intermediate Accounting Students’ Learning. Advances in Accounting Education, 17,
115–144. https://doi.org/10.1108/S1085-462220150000017017
Munter, P. (2003). Evaluating Internal Controls and Auditor Independence under Sarbanes-Oxley. Financial
Executive, (October), 25-26.
O’Leary, D.E. (2003). Auditor Environmental Assessments. International Journal of Accounting Information
Systems, 4, 275-294. https://doi.org/10.1016/j.accinf.2003.09.001
Owusu-Boateng, W., Amofa, R. & Owusu, I.O. (2017). The Internal control Systems of GN Bank-Ghana. British
Journal of Economics, Management & Trade, 17(1), 1-17.
PCAOB (2004). An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of
Financial Statements. Washington, D.C., PCAOB Release 2004-001, PCAOB Rulemaking, Docket Matter
No.008.
PCAOB (2005), Risk Assessment in Financial Statement Audits. Available at: www.pcaobus.org, 1-38. Accessed on:
5/12/ 2015.
Romney, M.B. & Steinbart, P.J. (2015). Accounting Information Systems. Pearson Education Limited, 13th, London,
England.
Ryack, K. N., Mastilak, M. C., Hodgdon, C. D., & Allen, J. S. (2015). Concepts-based Education in a Rules-based
World: A Challenge for Accounting Educators. Issues in Accounting Education, 30(4), 251–274.
https://doi.org/10.2308/iace-51162
Wahdan, M.A. (2006). Automatic Formulation of the Auditor's Opinion. PhD Thesis, Maastricht University, The
Netherlands.
ــــــــــــــــــــــــ. (2013). A Knowledge-based System for Evaluating the Internal Controls over Financial Reporting. The
First International Conference on Accounting and Auditing, Faculty of Commerce - Beni Suef University, pp.
1-26.
Wahdan, M.A. & Herik, H.J. van den. (2011). Impact of a Practical Flowcharts Approach on Educating the Auditor’s
Opinion Formulation. The proceeding of the First International Conference: Emerging Research Paradigms in
business and social Sciences, Middlesex University, Dubai.
Wahdan, M.A., Spronck, P., Ali, H. F., Vaassen, E., & Herik, H.J. van den. (2009). Computer Producing a ‘Fair’
Auditor’s Report. The Proceeding of the Congress 18th IMDA, Tbilisi, Georgia, 293–300.
Zakaria, K.M. & Nawawi, A. (2016). Internal controls and Fraud-empirical Evidence from Oil and Gas Company.
Journal of Financial crime, 23(4), 1151-1168. https://doi.org/10.1108/JFC-04-2016-0021